[Secure-testing-commits] r33410 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Apr 7 08:45:26 UTC 2015
Author: jmm
Date: 2015-04-07 08:45:26 +0000 (Tue, 07 Apr 2015)
New Revision: 33410
Modified:
data/CVE/list
Log:
mediawiki CVE assignments
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-07 05:00:51 UTC (rev 33409)
+++ data/CVE/list 2015-04-07 08:45:26 UTC (rev 33410)
@@ -336,10 +336,56 @@
CVE-2015-XXXX [xdeb: disables apt's signature checks]
- xdeb <unfixed> (bug #781595)
[wheezy] - xdeb <no-dsa> (Minor issue)
-CVE-2015-XXXX [MediaWiki 1.19.24, 1.23.9, 1.24.2]
+CVE-2015-2931 [MediaWiki circumvent the SVG MIME blacklist for embedded resources]
- mediawiki 1:1.19.20+dfsg-2.3
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2932 [MediaWiki incomplete filter of animate elements]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2933 [MediaWiki XSS related to LanguageConverter substitutions]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2934 [MediaWiki bypass of SVG filtering]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2935 [MediaWiki information leak]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2936 [MediaWiki DoS]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2937 [MediaWiki quadratic blowup DoS]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2938 [MediaWiki XSS in preview]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2939 [MediaWiki XSS in Lua backtraces]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2940 [MediaWiki CSRF]
+ - mediawiki 1:1.19.20+dfsg-2.3
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2941 [MediaWiki XSS on HHVM]
+ - mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
+ NOTE: HHVM not packaged in Debian
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+CVE-2015-2942 [MediaWiki quadractic blowup on HHVM]
+ - mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
+ NOTE: HHVM not packaged in Debian
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
+ NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 ...)
NOT-FOR-US: MyBB
CVE-2015-2784
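Review bot: the bracketed description on the CVE-2015-2942 line misspells "quadratic" as "quadractic", while the CVE-2015-2937 entry spells it correctly; fix the spelling so a search of the list for "quadratic blowup" finds both entries. Several of the other new descriptions ("MediaWiki DoS", "MediaWiki information leak", "MediaWiki CSRF") do not name the affected component, so they are hard to tell apart from the list alone; a few words naming the component in each would help. All twelve entries also carry the same fixed version, 1:1.19.20+dfsg-2.3, copied from the single entry they replace, so it is worth confirming that each individually assigned issue is actually addressed in that upload.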